[Date Prev][Date Next] [Chronological] [Thread] [Top]

Selective Replication

To: OpenLDAP-Software@OpenLDAP.org
Subject: Selective Replication
From: Karen R McArthur <kmcarthu@bates.edu>
Date: Thu, 19 Aug 2004 14:14:32 -0400
Organization: Bates College, Information and Library Services
User-agent: Mozilla Thunderbird 0.5 (Windows/20040207)

RedHat 8.0
OpenLDAP 2.1.29-1

I have seen this question in the archive and various places on the web. I've read as much documentation as I can find. But did not see a satisfactory solution. Has anyone solved it. And if so, how is it done?

We have an LDAP running replication. We would like the slave to be everything from the Master EXCEPT objectClass=posixAccount and it's data. I have tried the following with these results:

1.) filter the replica on the objectClass=posixAccount

replogfile /usr/local/var/openldap-slurp/slapd.replog
    replica host=host.example.com:389
       binddn="cn=Replicate,dc=example,dc=com"
       credentials=secret
       bindmethod=simple
       suffix="ou=People,dc=example,dc=com"
       attr!=posixAccount

results: no posixAccout information is passed to the replog file - but NO other objectClasses are passed, either - just their data. When slapd starts up, I get object Class violations due to no object Classes being created.

2.) filter on the data fields I want supressed

    replogfile /usr/local/var/openldap-slurp/slapd.replog
    replica host=host.example.com:389
       binddn="cn=Replicate,dc=example,dc=com"
       credentials=secret
       bindmethod=simple
       suffix="ou=People,dc=example,dc=com"
       attr!=uidNumber,gidNumber,homeDirectory,loginShell,gecos

results: none of these attributes are passed to the replog file, but the objectClass=posixAccount is passed. When slapd starts up, I get objectClass violations due to required posixAccount fields being missing.

3.) last ditch effort - try access list-type filtering

   replogfile /usr/local/var/openldap-slurp/slapd.replog
    replica host=host.example.com:389
       binddn="cn=Replicate,dc=example,dc=com"
       credentials=secret
       bindmethod=simple
       suffix="ou=People,dc=example,dc=com"
       attr!=objectClass filter=(objectClass=posixAccount)

results: just plain wrong - "slapd -t" gives a syntax error on the filter.

--
Karen R. McArthur, Systems Administrator
Bates College, Information and Library Services
Lewiston, Maine 04240
(207) 786-8236 fax:(207) 786-6057
kmcarthu@bates.edu

Follow-Ups:
- Re: Selective Replication
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: ldap address book not browseable by Outlook
Next by Date: Re: OpenLDAP with back-sql schemacheck
Index(es):
- Chronological
- Thread